Information Sharing and Security in Dynamic CoalitionsCharles E. Phillips, Jr.Computer Science & Engineering Dept.191 Auditorium Road, Box U-155The University of ConnecticutStorrs, CT 06269-3155Tel: 860.486.5582 Fax: [email protected]. Ting and Steven A. DemurjianComputer Science & Engineering Dept.191 Auditorium Road, Box U-155The University of ConnecticutStorrs, CT 06269-3155Tel: 860.486.4818 Fax: 4817{steve, ting}@ engr.uconn.eduABSTRACTToday, information sharing is critical to almost every institution.There is no more critical need for information sharing thanduring an international crisis, when international coalitionsdynamically form. In the event of a crisis, whether it ishumanitarian relief, natural disaster, combat operations, orterrorist incidents, international coalitions have an immediateneed for information. These coalitions are formed withinternational cooperation, where each participating countryoffers whatever resources it can muster to support the givencrisis. These situations can occur suddenly, simultaneously, andwithout warning. Often times, participants are coalition partnersin one crisis and adversaries in another, raising difficult securityissues with respect to information sharing. Our specific interestis in the Dynamic Coalition Problem (DCP), with an emphasison the information sharing and security risks when coalitions areformed in response to a crisis. This paper defines the DCP andexplores its intricate, challenging, and complex information andresource sharing, and security issues, utilizing real-worldsituations, which are drawn from a military domain.Categories and Subject DescriptorsC.2.4 [Computer-Communication Networks]:Distributed Systems - Client/server, distributedapplications, distributed databases. J.7 [Computers InOther Systems]: Command and control, military,process control . K.6.5 [Management Of ComputingAnd Information Systems]: Security and Protection –Authentication, insurance, invasive software (e.g.,viruses, worms, Trojan horses), physical security,unauthorized access.General TermsManagement, Design, Security.KeywordsAccess Control, Distributed Systems, InformationSecurity, Dynamic Coalitions1. INTRODUCTIONInformation security was recognized with the advent of the firstmulti-user computer system for sharing information resources,and as we begin the 21st century, this need has become moresignificant as countries join together to securely shareinformation at the global level [33]. Information sharing in asecure fashion is a daunting challenge, since we must deal withinformation content that ranges from the simple to the complex(e.g., intelligence reports, financial information, travel records,citizenship records, military positions and logistical data, mapdata, etc.) in an interoperable environment that is constantlychanging. Recently, numerous mandates have emerged toaddress information sharing. For example, a vital part of U.S.National Security Strategy states, “whenever possible we mustseek to operate alongside alliance or coalition forces, integratingtheir capabilities and capitalizing on their strengths” [38]. Thisconcept is refined further in our Department of DefenseDirectives [25] and NATO’s interoperability and securityconcerns [1]. The same information sharing and distributedsecurity concerns have driven many of the U.S. Military’sautomation plans and initiatives. However, “currently, there isno automated capability for passing command and controlinformation and situational awareness information betweennations except by liaison officer, fax, telephone, or loaningequipment” [1]. From the U.S. National Security Strategy toNATO's definition of interoperability, from non-governmentagencies to their military counterparts, sharing information in asecure manner is recognized as essential.Our interest for this paper is in secure information sharing that isrequired in response to a crisis, e.g., natural disaster(earthquake), humanitarian relief (refugee camps), internationalincidents (terrorism or spy plane), war (Gulf War), or combatoperations other than war (Bosnia). Figure 1 depicts five nearsimultaneous crises in the European Theater. While these criseshave different counties involved, there must be informationsharing between them to manage resources effectivelyPermission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copiesare not made or distributed for profit or commercial advantage and thatcopies bear this notice and the full citation on the first page. To copyotherwise, or republish, to post on servers or to redistribute to lists,requires prior specific permission and/or a fee.SACMAT’02, June 3-4, 2002, Monterey, California, USA.Copyright 2002 ACM 1-58113-496-7/02/0006…$5.00.throughout the theater of operations. With every crisis solution,there is an accompanying information sharing risk. To handle acrisis, a coalition -- an alliance of governmental, military,civilian, and international organizations -- is formed with theprimary concern being the most effective way to solve the crisis.The Dynamic Coalition Problem (DCP) can be defined as theinherent security, resource, and or information sharing risks thatoccur as a result of the coalition being formed quickly, yet stillfinding information and resource sharing a necessity for crisisresolution [36]. The events of September 11 have clearlyillustrated the DCP and the difficult issues facing coalitions ininformation sharing. In the three months following that event,the death toll went from 6,000 to 3,040, and most of thereduction has been traced to “…duplicate reports and confusionin the hours and days immediately following the attack”[CNN.com], which for our purposes, corresponds to multipledatabases and inconsistencies in reporting and updatinginformation. The lack of management and sharing ofinformation in this regard clearly illustrates one of the mainproblems facing a coalition in a crisis. In addition, thisinformation must be securely shared in an easy, efficient,scalable, and reliable way, to facilitate the
View Full Document
Unlocking...